Each user account is like its own separate PC. Every user
has his or her private Documents, Pictures, Music, and Video folders
for storing files. Each user account can have its own Windows apps,
e-mail account, and Internet favorites. Each user can customize the
desktop, Start menu, and other settings to that user’s own liking.
When you first start your computer, the Windows
lock screen appears. Press Enter, swipe up (on a tablet or touch
screen), or roll the mouse wheel up to display the sign in screen. You
also see the sign on screen when you sign out of your user account. If
you click a user account that isn’t password-protected, you’re taken
straight into the account. But if you click the picture for a
password-protected account, a password prompt appears.
To get into the account, you need to
enter the appropriate password. Entering the wrong password displays a
message stating the user account name or password is incorrect. You can
click OK to try again. You can’t get into the user account until you’ve
entered the correct password for the account.
The first time you (or someone else) log in to a
new user account, it’s just like starting Windows 8 on a brand-new PC.
The desktop has the default appearance. All of the document folders in
the account are empty. There is no e-mail account, no Internet
favorites, and no Windows apps installed. To use e-mail, the user (or
administrator) needs to set up the account with an e-mail account,
preferably an account used only by that user.
The user does have access to all the programs
installed on the computer (except for rare cases in which someone
installed a program for personal use only). The user will likely have
Internet connectivity through the same network or Wi-Fi as all other
user accounts.
If the user account is a standard account, there
are some limitations to what the user can do. For one, Windows settings
are not synced with other devices, such as a Windows Phone or tablet.
Also, the user cannot make any changes to the system that would affect
other users. That’s where Windows 8’s User Account Control (UAC)
security comes into play.
Understanding User Account Control
User Account Control (UAC) is the
general term for the way administrative and standard user accounts work
in Windows 8. As you browse around through various pages in the Control
Panel, you’ll notice that many links have a shield icon next to them.
For example, if you display the Control Panel and click User Accounts
And Family Safety, you see the options shown in Figure 1.
Items that have a shield icon next to them
require administrative approval. Items without a shield icon don’t. For
example, any user can change his or her Windows password, with or
without administrative approval.
Options that do have a shield icon next to them
require administrative approval. But you don’t necessarily need to be
logged in to an administrative account to use those options. You just
have to prove that you have administrative privileges. You do that by
entering the password for an administrative account. When you click a
shielded option, a dialog box appears. To prove you have administrative
privileges on this computer, enter the password for the administrative
user account and click Submit (or OK in some dialog boxes).
Of course, when someone who doesn’t know the
administrative account password encounters the User Account Control
dialog box, he or she is stuck. Users who don’t know the password can’t
go any further. This prevents the standard user from doing things that
might affect the overall system and other people’s user accounts. It
also prevents children from overriding parental controls.
Privilege escalation in administrative accounts
If you happen to be logged in to an
administrative account when you click a shielded option, you don’t need
to enter an administrative password. After all, if you’re in an
administrative account, you must already know the password required to
get into that account. You don’t need to prove that you know that
password again. But, by default, you’ll still see a prompt telling you
that the program you’re about to run makes changes to the system. You
have to click Continue to proceed.
It might seem odd (and irritating) that you still
have to click something to get to the item you clicked. But it works
that way for a reason. The dialog box lets you know that the program
you’re about to run is going to make changes to the overall system. You
expect to see that dialog box after you click a shielded option. And
with time and experience, you’ll learn to expect it when you do other
things that affect the system as a whole, such as when you install new
programs.
Sometimes it occurs when you don’t expect to see
it. For example, when opening an e-mail attachment, you wouldn’t
normally expect to see that message. After all, opening an e-mail
attachment should just show you the contents of the attachment, not
make a change to the system as a whole. Seeing the warning in that
context lets you know that something fishy is going on, most likely
something bad in the e-mail attachment. You can click Cancel to not
open the attachment, thereby protecting your system from whatever virus
or other bad thing lies hidden within the e-mail attachment.
On a more technical note, UAC operates on a
principle of least privilege. When you’re in an administrative account,
you actually run with the same privileges as a standard user. This is
done to protect your system from malware that would otherwise exploit
the privileges of your administrative account to make malicious changes
to your system.
When you enter a password or click Continue in
response to a UAC prompt, you temporarily elevate your privileges to
allow that one change to be made. After that change is made, you’re
back to your more secure standard user privileges. This is how things
have been done in high-security settings for years, and it is
considered a security best practice.
